Update $explodedName with reversed array #7814
With reference to issue #7813
array_reverse returns the reversed array, it does not change the original array.
Line 441 to 444 of libraries/joomla/filter/JInputFilter.php extracts possible extensions in the file name to check against a list of invalid extensions.
On line 442, array_reverse is used to re-arrange the array created so as to move the file name to the end, removing it with array_pop on line 443, but array_reverse returns the re-ordered array, it does not change the original array - http://php.net/manual/en/function.array-reverse.php
Therefore line 442 should be:
$explodedName = array_reverse($explodedName);
Tested successfull with this script.
<?php $intendedName = 'download.xml'; $explodedName = explode('.', $intendedName); array_reverse($explodedName); // $explodedName = array_reverse($explodedName); array_pop($explodedName); array_map('strtolower', $explodedName); print_r($explodedName);
If we change the script to:
<?php $intendedName = 'download.xml'; $explodedName = explode('.', $intendedName); // array_reverse($explodedName); $explodedName = array_reverse($explodedName); array_pop($explodedName); array_map('strtolower', $explodedName); echo $explodedName; print_r($explodedName);
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7814.
Test : Success.
The original code is clearly wrong and making file extension check doesn't work properly (instead of removing file name from array, it actually removes the file extension, so file extension is not being checked/validated with $options['forbidden_extensions']). This PR just correct it.
Sep 7, 2015
We have now a regression on installing Kunena 3rt party templates:
Missing file to extract:
How to reproduce:
@810 Reason is likely that you want to upload a file with a forbidden extension (eg ".php") then. That check was supposed to work since 3.4.0, but was broken.
I have same issue with my extension. I think you will need to modify code in the line 103
file = $this->app->input->files->get('install_package');
file = $this->app->input->files->get('install_package', null, 'raw');
The reason is because this block of code https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/input/files.php#L81-L89
I just wanted to point out the needed changes. There are two changes needed: